Re: Ports 0-1023?

From: Michal Zalewski (lcamtuf@coredump.cx)
Date: 07/04/02


Date: Thu, 4 Jul 2002 14:18:24 -0400 (EDT)
From: Michal Zalewski <lcamtuf@coredump.cx>
To: alex <alex_tibbles@yahoo.co.uk>

On Thu, 4 Jul 2002, alex wrote:

> The assumption was that if the system administrator ran it, then it must
> be trustworthy). This thinking harks back to an era when SysAdmins were
> a select breed, not just any punk with a linux box. Nowadays it has
> been realised that trusting any other machine, even on your home
> network, is naive (because it could have been subverted).

No, it's not really like that. If you have a server, you expect that
whatever is served on low ports (such as 80) is put there by the
administrator / the owner of this machine, and not by any of 1000 other
users that, say, pay them for mail accounts.

Simple as that. Of course, the whole privilege system on a generic Unix is
badly outdated and insufficient, but for as long as you have to live with
it, this is the best you can get.

> So the extra risk run giving these daemons extra privilege is wasted, I
> think.

Many daemons would still have to keep root privileges. SSH, telnet, ftp,
pop3, Sendmail and many more would most likely require root at some point.
With many services, you could possibly force them to start with non-root
privileges, but I bet you would most likely break some stuff and open new
security problems (remember the Sendmail issue with setuid() failing on
Linux with broken capabilities?). Many services just assume they succeeded
with some things, since they should be running as root at this point. For
some system calls, semantics are different depending on uid; this may be
dangerous too.

I think it is easier to check whether a given service actually successfully
dropped the privileges on your system.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/
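
One way to carry out the check suggested at the end of the message above, as an added example that is not part of the original post or the author's code. It assumes a Linux host and the `/proc/<pid>/status` field layout (`Uid`, `Gid`, `Groups`, `CapPrm`, `CapEff`); the function names, daemon names and uid 48 are constructed for illustration.

```python
import sys

ID_SLOTS = ("real", "effective", "saved", "filesystem")

def parse_status(text):
    """Parse /proc/<pid>/status text into {field: [whitespace-split values]}."""
    fields = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        if sep:
            fields[name.strip()] = rest.split()
    return fields

def privilege_findings(text):
    """Return the reasons a process still holds root identity or capabilities."""
    fields = parse_status(text)
    findings = []
    for key in ("Uid", "Gid"):
        ids = fields.get(key, [])
        if len(ids) != 4:
            findings.append(f"{key} line missing or malformed")
            continue
        # A saved id of 0 matters: seteuid() alone leaves root recoverable.
        findings += [f"{slot} {key.lower()} is 0"
                     for slot, value in zip(ID_SLOTS, ids) if value == "0"]
    if "0" in fields.get("Groups", []):
        findings.append("supplementary group 0 retained")
    for key in ("CapPrm", "CapEff"):
        caps = (fields.get(key) or ["0"])[0]
        if int(caps, 16) != 0:
            findings.append(f"{key} not empty: {caps}")
    return findings

# Constructed samples, not captured from a real host.
CAPS_NONE = "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
DROPPED = "Name:\thttpd\nUid:\t48\t48\t48\t48\nGid:\t48\t48\t48\t48\nGroups:\t48\n" + CAPS_NONE
SAVED_ROOT = "Name:\tpopd\nUid:\t48\t48\t0\t48\nGid:\t48\t48\t48\t48\nGroups:\t48 0\n" + CAPS_NONE

if __name__ == "__main__":
    # Usage: python3 check_privs.py PID [PID ...]; with no PIDs, run the samples.
    for pid in sys.argv[1:]:
        with open(f"/proc/{pid}/status") as fh:
            print(pid, privilege_findings(fh.read()) or "dropped")
    if len(sys.argv) == 1:
        print("DROPPED:", privilege_findings(DROPPED))
        print("SAVED_ROOT:", privilege_findings(SAVED_ROOT))
```

An empty result means every uid and gid slot is non-zero and both capability sets are empty; a daemon that deliberately keeps a single capability will be reported and needs a manual decision.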


